Hi Bazsi,
Would you look at the section of RFC3411 that David Harrington forwarded
and put those sections in a priority order as you see they would apply to
syslog?
Thanks,
Chris

On Thu, 26 Jan 2006, Balazs Scheidler wrote:
> On Thu, 2006-01-26 at 18:10 +0100, Tom Petch wrote:
>> I disagree. I think this list of threats is excessive.
>> As I have said before, I regard integrity and message origin authentication as
>> the needs, with modification and spoofing as the threats. I do not see
>> observation as a problem and although others have said it is, no one has given an
>> example of a syslog message that is so significant that it must be kept secret.
>> Doubtless someone will produce some but I doubt I will ever be convinced that it
>> is as important as the first two threats I mention.
>
> Application Layer firewall logs may contain sensitive information such
> as passwords, especially when running at a high log level.
> Lots of people are using syslog-ng with stunnel for similar reasons now.
> So maybe we should consider both schemes: authenticating the origin of
> each message _AND_ standardizing encrypted transport. I vote for
> encrypted transport but there might be enough support for the first one
> as well.
> --
> Bazsi
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog